Posted
by
michaelon Saturday May 31, 2003 @01:21PM
from the end-of-an-era dept.

mokiejovis writes "Program manager Brian Countryman stated that "as part of the OS, IE will continue to evolve, but there will be no future standalone installations. IE6 SP1 is the final standalone installation." See the Microsoft TechNet article." Several of the people submitting this story have come up with elaborate theories about why: killing competition, etc. etc. I think the truth is just that Microsoft intends to integrate DRM very tightly with their OS and browser, and they're aren't going to try to backport that to, say, Win98, so they just aren't going to release new versions of their browser for old, DRM-less operating systems. In the future server-side browser detection may be more about detecting whether the browser supports the DRM your "web service" uses than what version of Javascript or CSS the browser supports.

In the future server-side browser detection may be more about detecting whether the browser supports the DRM your "web service" uses than what version of Javascript or CSS the browser supports.

Browser detection has always been about identifying what capabilities the browser supports, or what bugs need to be worked around. Otherwise you wind up with sites that don't work in some browsers, and everybody bitches at you for not supporting them. The key is to not redirect to a page recommending that the user download IE or Netscape, since that really pisses people off.

I don't plan on producing DRM-protected content, so I don't plan on detecting browser support for it.

Browser detection has always been about identifying what capabilities the browser supports, or what bugs need to be worked around. Otherwise you wind up with sites that don't work in some browsers, and everybody bitches at you for not supporting them.

You are missing the point.:-) If Microsoft has their way, there will only be one browser. Detection and customizing your web page for more than one browser will be moot. {sarcasm} All this open source stuff and other browsers will just get in the way. {/sarcasm}

You are missing the point.:-) If Microsoft has their way, there will only be one browser. Detection and customizing your web page for more than one browser will be moot.

As opposed to developing a windows application where you have to work around windows versions, service packs and library versions installed? For example, a client requirement was to make an applications title bar flash when a query was completed. I had to write code to support Win9x,WinME+NT4 and Win2K+XP.

It's one company with one product, but many versions you have to code against. So it's sure as hell not moot.

What it boils down to is that at some point they have to show you the data.

Nope. Micrsoft's DRM plans are truely midboggling. That's why you're going to have to buy new "palladium enhanced" hardware. With the new DRM the only way you ever "see the data" is on the screen. If you're lucky you can photograph it.

load some future drm-enabled webpage in winbloze on home network with linux box running ethereal, follow tcp stream, cut/paste code into file and view in mozilla, an open source drm-free environment.

Nope. You can copy the TCP stream, but it's all encrypted. Paste it into Mozilla or any other program and you have nothing but garbage.

It's some read hard-core shit. You hack into the monitor cable to grab the video and you find that's encrypted too. The video gets decrypted inside the monitor itself.

Hell, you hack into the keyboard cable and that's fucking encrypted too. Are you starting to get the picture? They have gone off the fucking deep end. The entire machine is one big fat lock.

You load up a program to snoop the raw data in ram and you find the ram is divided up into seperate vaults. There's no such thing as flat memory.

If you patch any of the system files all the DRM systems lock out. Considering that it's one big fat DRM machine I'm not even sure it'll even boot. If it does boot you won't be able to do much more than run Minesweeper, solitare, and notepad if you're lucky.

The machine will also only fully function while you are actively conected to the internet. Some of the functions periodically ping a cryptographicly authenticated time server. If your net connection goes down, or it doesn't get an authenticated response for any reason any time-relevant DRM stuff immediately locks out. That lock up can include programs, audio/video files, application data, even freaking e-mail. But don't worry, you can still play minesweeper while you wait for your net connection to come back up.

Microsft wants DRM to be invisible and ubiqutous throughout the system. People are suposed to take it for granted that everying is DRM'd. DRM content won't have an flashing DRM labels on it. You'll just find that all sorts of features like SAVE AS are missing. And it's not just that the feature is missing from the program. The machine is physically incapable of copying the file. How's that for nutz?

What a lovely bait for Mother Of All Denial Of Service Attacks. Not using the machine as a tool to bring down other machines: I mean, using a judo approach, with the intent being to reduce the victim machine to a lump of expensive inert metal. All you have to do is convince it that something is wrong, or that a lot of things are wrong, and it will attack the user FOR you. Sweet! And apparently it will be absolutely intractable. You only have to trigger it, and the triggers are apparently real sensitive by design...

Go to This school's [aug.edu] online student services with Mozilla/Firebird/Opera/Konqueror/Lynx. Note that faking the user agent string doesn't always help. The best part is that the actual page [aug.edu] and its services work perfectly with Mozilla/Firebird/Konqueror. I assume several other institutions have bought this services package (Pipeline), and that there are other services packages from different companies with similar checks.

I recently graduated from Augusta State, and I know the issue has been pointed out to the people responsible for the service. They have taken an "it works well enough stand", and they would rather block access to the service completely rather than allow a student to experience a technical glitch caused by a browser that doesn't like some of their code (a paraphrasing of the response I received after complaining). Several members of the faculty have pointed it out, but they seem unwilling to update the browser detection code. The biggest problem is that it looks for certain browsers to allow access rather than to just block browsers with known problems.

Of course, they were still using Netscape 4.6 when I left this past summer, and Pipeline works with that...

I did fine in Opera 7.10, but my real question is, hwo can a server know what browser you are if you fake the string? I mean, I've been to sites and had "Identify as MSIE 6.0" on but it still gave me the "not compatible" issue. Is it some feature they check just to weed out browsers? And to what end?

I was baffled by this with Capital One's banking site. I finally realized they were using JavaScript to detect the browser, which is totally independant of the UA string. No browser I am aware of allows changing what JavaScript reports.

JS browser detection is used frequently, but mostly to determine what JS code needs to be used. In some cases, though, the JS then redirects to the appropriate URL (the real site, or the "Upgrade Now" page).

I thought it was something in the SSL negotiation. If there's hard crypto involved in the browser identification step, you won't be able to fake it. That's where I'd be going if I were Microsoft, for sure.

Then, even if you do have "clever people" circumventing your access controls, you can still keep industry from adopting the circumventions. (Individuals might not care about the legality of their actions, but nobody is going to write a business plan around an obvious DMCA violation).

Repeal the DMCA (at the ballot box or at the point of a gun, I don't care how you do it), or live with its consequences.

That's a pretty funny statement. The service packs are bug releases, hence they contain required changes that were not originally planned. How can Microsoft claim this is the last one that will be needed? Does this mean Microsoft will just abandon all of their users still running older versions of Windows?

I suggest this is just laying the groundwork for FUD to force users to pay Microsoft to "upgrade" their OS in order to replace the latest IE security vulnerability with a whole new set of problems, vulnerabilities, incompatibilities and restrictions.

I don't remember the role of the editor including giving personal opinions over and above those stated in linked articles. Why don't editors submit the story with a summary of other people's reasons, then post their own comment?

I do agree with Michael though, it seems fairly pluasible. All the same, it obviously has a competition-killing aspect to it, since Microsoft will tightly control their DRM technology, meaning that DRM-only web sites will probably be IE only, or at the very best IE plus other browsers whose licenses allow embedded proprietary code.

Im wondering how this would be implemented. Browsers already such as Opera can fake the version that the browser is identifed as. How will DRM work in this case? Will there be an encrypted key or something else?

I don't remember the role of the editor including giving personal opinions over and above those stated in linked articles. Why don't editors submit the story with a summary of other people's reasons, then post their own comment?

Remember: in a newspaper, the editorial is where the editor gives his personal opinion.

It's simple, really. Remember: this isn't a newspaper. It is not a real news source. Linking to other networks and sites does not make you a legitimate news site, which is fine. The term editor is being used in an unconventional way for Slashdot, so don't hold editors to genuine editorial standards.

Right, except that the use of the term editor is not all that unconventional.The primary duty of editors is the selection and placement of content. There might be an editorial page where an editor can give him or herself the role of columnist extraordinaire, but it's not germaine to the duties as editor.Slashdot is primarily a discussion forum with links to news stories of interest, with a few choice words to help start the discussion. In this context an overt bias is expected and actually helps move things along.

It's naive to think that editorial opinion is confined to editorial pages. Astute readers can detect it everywhere, including in the mere selection of which stories to print out of the myriad candidate stories. This is true for newspapers, magazines, and (of course) cable news networks, who wear their editorial bias on their sleeves, right out in plain view [foxnews.com]. Those who have been paying attention know that the journalism industry has realized that it's just a business, and they'll offer up a trough full of whatever the people are willing to consume. It is not a branch of government...just a business. It's silly to criticize slashdot for not living up to standards that even "real" journalists don't live up to these days.

Honestly, what Slashdot is these days, rather than the great tech news site it used to be, is generating page hits. This means posting Microsoft articles at least once a day with some flippant remark or editorial in the summary so as to cause "controversial" discussion. The company likes that.

SCO is a big thing as well which gets hits, so even when there is no real news about it, we get "today's SCO news" posts.

It's getting harder and harder to believe the editors are genuine in their mantra that they simply post what interests them. Being corporate-owned, there are other motives at play in the selection of articles, the headline used, and the summary chosen or written.

The real problem you're discussing is one that has been noted many times: the internet kills anything successful.

Basically, the promise of the net is everyone's a publisher, and can make something kewl, and show it to everyone.

The problem is if they do a good job of it, they get popular. Bandwidth bills go up. They can no longer afford the site, because banner ads don't get you shit. Unless you're a lowest common denominator genius like stile [stileproject.com] (but there's only one stile).

So, they either die, get bailed out by a benevolent donor, or get bought by someone who cares about all the page hits.

So slashdot purely existing as a "great tech news site" was not a long term option. Because being great means being attracting attention, and attraction attention costs YOU money on the net, not your consumers. This inversion is not necessarily the panacea it was thought to be 10 years ago.

Personally, I'm quite content to go on loving to hate slashdot for the forseeable future. Gives us gov't workers something to bitch about at coffee break.

Microsoft will tightly control their DRM technology, meaning that DRM-only web sites will probably be IE only, or at the very best IE plus other browsers whose licenses allow embedded proprietary code.

This is the most disturbing part of this whole story for me. Disturbing because this fits so well with what has been MS SOP for years now. I guess now that the fear of the GOV and litigation have been removed it is time to take monopolizing to the next level.

This is Telex4's point, in this comment's grandparent. "Microsoft will tightly control their DRM technology..." should not be the most disturbing part of the this whole story, because it isn't part of this whole story; it's the editor's OPINION.

This thread is having a petty argument over whether or not slashdot is a news site and whether or not slashdot's editors are truly editors in the journalistic sense.

1. Slashdot is a news site. They relay news, the same way local newspapers relay Associated Press articles and articles from better papers (NY Times, Washington Post, etc.).

2. Slashdot's editors are editors. Many people read slashdot exclusively, at least for this kind of news, and slashdot's editors are in charge of what stories go through and what their readers are subjected to.

3. Yes, editors do pass subtle opinion within stories in newspapers all the time. There's a difference between what they do and slapping "I think that..." directly after a story. What slashdot editors do DRAMATICALLY changes the articles they post. In this case, it changed a sotry about MS no longer bothering to make new versions of IE work on old Windows installations into a story about the tyrant software villains deftly attacking the open-source world.

Slashdot editors: C'mon, I know it's your site, but just cut it out, eh? I hope you realize how hypocritical you all are when you scold MS/SCO/etc. for spreading FUD.

Tying a browser to hardware can be really bad for us mozilla men.
Online Banking will jump on it real fast. Secure communication will later require IE for authentication.
This would put us at a huge disadvantage.
I had a thought:
Would it be possible to run a "Virtual Palladium" (software driven)? It'd involve running parts of the software in a virtualization machine like bochs.
Microsoft patented the hardware not any software.

Why? Online banking works just fine today. The banks will cater to the lowest common denominator. If even 10% of their users have problems accessing their online banking accounts, the cost of customer service calls will by HUGE. Most features and services are designed to cut down on customer service calls.

"Online banking works just fine today...If even 10% of their users have problems accessing their online banking accounts, the cost of customer service calls will by HUGE"

Online banking today cuts-out everyone with a browser which doesn't transmit "MSIE" in the user-agent. Yes it sucks. Yes it's the reason I don't use online banking. And yes, it is damned stupid to be requiring a fundamentally insecure browser incapable of securely handling SSH sessions, for banking transactions. But tell that to your ba

> The banks will cater to the lowest common denominator. If even 10% of their users have problems accessing their online banking accounts, the cost of customer service calls will by HUGE.

Correct me if I'm wrong, I think there are a significant number of banks out there that currently only support IE. It seems to come up here on Slashdot every once in awhile.

Additionally, the number of support calls might increase, but the duration of the call will likely be short:

Customer: Um, yeah, I'm using Mozilla on <insert your favorite OS here> but I can't access the online banking page.Support Person: Sorry, you have to use Internet Explorer to access our online banking pageCustomer: But I'm running Linux!Support Person: Sorry, we only support Internet Explorer.Customer: Curses! I'm going to find a new bank then!Support Person: Is there anything else I can help you with today?{dial-tone}

I don't know about y'all, but all the banks I have been with could care less about losing a small fry like me.

Man, it must be 5 years since I started using www.netbank.com. Has worked great with Mozilla. I really doubt oneday I will go to the site and not being able to access my money. Banks are highly regulated, and I think it wouldn't be too difficult to construe other reasons (even if they are not true), why the bank no longer is letting me access my money. No, I think MS missed the boat with the Internet and will NEVER be able to catch up enough to gain the kind of control they are hoping for(thanks to OSS).

Palladium is specificially designed to prevent a virtual implementation. That's the whole point of "trusted" hardware: the DRM app needs to know that it's running on a specifc, MS-approved device that won't leak its output to a screen-capture utility or through the analog hole.

It achieves this using PKI and digital signatures, so a virtual version would need to forge the Palladium device's signature. That means finding the private key, which is a DMCA violation and, more importantly, practically impossible. It's 2048-bit RSA, which would take trillions of years to crack even using the most powerful distributed computing project.

There are essentially two security models developing in the world of computing right now: Microsoft's.NET/Palladium/Hardware based model, which is Windows-specific; and Sun/IBM/Etc.'s Java/Liberty/Software based model, which in theory should be OS-independent, but ultimately MS will try their best to prevent it from working on Windows, and so will likely only function in the Linux/Unix realm.

Each passing day, MS brings the world closer to their MS-specific security model. As much as all of us want to avoid having to pay the Microsoft tax when we use technology, if left to their own devices, MS will attempt to erect a virtual toll-booth within as much aspects of technology as possible - be that the internet, PC's, or digital devices.

As developers, hardware specialists, what have you, we need to do our best to adopt, promote, and develop open-source technologies today, to prevent MS front owning what is now public domain tomorrow. "If we don't take action now, we'll settle for nothing later; if we settle for nothing now, we'll settle for nothing later." RATM. It might sound trite, but it applies to what is happening in tech right now.

Mozilla is fast, stable, mostly bug-free (and what bugs it has are fairly straightforward to work around) and very standards compliant. The last is important: it means I know what will happen if I write certain code.

Wish I could say the same for IE. Even its bugs have bugs. (Though admittedly it is not as bad as NS 4.)

You should look at MozDev [mozdev.org] - there's a furious amount of development going on for extensions and plugins to the basic browser. It's amazing, and something I haven't seen in the IE community since the dot-com money went away.

The Internet Explorer team has put a great deal of effort into providing fast and stable implementations of 100 percent of CSS 1 and 100 percent of DOM level 1 with this [MSIE6] release. With the emergence of other browser versions over the last year supporting these standards, this is clearly a step forward in interoperability of browsers. [1]

This is not true....

According to Microsoft own claims, through the document.implementation.hasFeature() method, Microsoft Internet explorer 6sp1 claims that it do not support DOM Level 1 HTML, but the DOM Level 1 XML returns true on the support question.

But...the node-type constraint, which is defined by the Node interface is not defined my MSIE6 SP1. In other words, Microsoft do not support ANY DOM modules at all.

Microsoft believes very strongly in Internet standards and the standards process, and is committed to implementing appropriate standards when driven by customer demand. [1]

Oh, so just send in a lot of Mail to M$... You all know that MSIE have full PNG support[2] since MSIE 4.... Thats what they promisted[3].

What I am expecting will happen is that IE will be absorbed into the integrated office environment, in the same way the Word/Excel et al are being drawn into just one package.

By bundling everything in together (probably with a mail client), M$ no longer have to worry about the opposition packages. It also would no surprise me to see integrated OS and Office package bundles/licenses, to keep out the competition.

As for the lack of support for DRM in Win98 being a motivation for no longer producing a standalone version, remember that M$ officially no longer supports Win98 installations.

By bundling everything in together (probably with a mail client), M$ no longer have to worry about the opposition packages.

MS will have to worry about offices making the decision now. As much as integration helps future sales to MS-only shops, it stifles sales to shops that use mixed products. If I owned a business, such integration would make me wary of buying into a complete MS solution for fear of future commitment.

If MS start bundling something 'good enough' for most with all Windows licenses for £20-30 extra then every shareholder out there would complain very loudly. If they put the price of Windows up significantly, the low end market will leave Windows and move to LindowsOS beacuse it's 'good enough' and would then be a really significant saving.

MS aren't that daft. Office isn't getting bundled with Windows any time soon.

I for one, don't care. I haven't seen anything I would call a "feature" since... well... a while. IE6's media integration and image handling are more of an annoyance than a feature, and I CERTAINLY don't concider DRM support a feature.

I think that Microsoft's grand plan to move the world over to Trusted Computing will end up cornering them into a one-dimensional business plan. Anything outside that market will end up thriving. Robust alternatives like linux and Mac OS will become the dominant platform because they will not corner themselves into discreet markets, but rather, will continue to expand.

If this is the last stand-alone version of IE they are betting that their operating system and plan is the *only* operating system and plan. If they make too many mistakes in their Trusted Computing movement they may fail entirely as a company in the near future.

You have a lot to learn about business. First off, MS if a brilliantly run company. Joe Schmoe (yourself) saying that MS is on it's way out is like Joe Schmoe telling me that Warren Buffet doesn't know investing. You're clueless.

Secondly, Ms probably doesn't want "Anything outside that market". If you've ever studied business a day in your life, you'd know that companies tend to focus on what they're good at. Those who try doing too much tend to fail. MS expands into other markets, but very slowly and cautiously. They're printing money with Windows & Office, and if they lock people into it even more, well, then they're going to keep on printing money ad infinitum.

1. Microsoft ships their browser for free with the OS, fairly tightly integrated, thus marginalizing Netscape and any other browser on Windows.2. Netscape et. al. convinces Gov't to sue MS for monopolistic, anticompetitive practices.3. MS is found guilty of monopolistic, anticompetitive practices.4. MS is slapped on the wrist by the Gov't and promises to play nice, ships OS update to remove the IE icon from the desktop.5. {six months pass}6. MS announces even tighter integration of IE into the OS.

It is a fact, as found by a US court, that Microsoft is not only a monopoly, but an abusive one, deserving of severe punishment. The Bush administration got a large sum of cash from Microsoft, and made it go away conveniently.

Now that is an interesting point. MS got AOL to back down on the browser wars by giving them what amounts to a permanent license to IE for next to nothing. Now they're saying that there won't be an independant IE anymore for AOL to license or use. So AOL gets stuck with a out-of-date browser, or has to force its users to keep on the Windows upgrade treadmill. It also looses any chance of ever competing with Microsoft, and can now be killed any time Microsoft feels like it. (Through the old "Windows isn't done until Lotus won't run" tricks)

Wow. Those Time-Warner executives who're calling the shots are so much more business-savvy than the AOL ones who were in charge before. Why is it that whenever a company starts doing something criminal and anticompetitive, other companies start lining up to get their heads chopped off?

That's interesting. If AOL is caught on an older version of the standalone browser, then doesn't MSN have a big advantage ? Start building in lots of new features and AOL's browser would start to look jaded.

Would probably be tough to call it anti-competitive too. "Look, we went to AOL and they did this contract with us!"

Seriously. Isn't this a bad move for them to make regarding the anti-trust suit? Doesn't this kill their whole "freedom to innovate" mantra?

In any case, it doesn't really matter. Strange that Microsoft would virtually abandon a project that could have much work done to it, and yet try to push along new OS/Office versions which really have much possible improvement.

Maybe they are realizing that they can't compete with the Moz group, and are deciding to go in through the back door, back to their old tricks.

Everybody's jumping to conspiracy conclusions, but here's the simple answer: when you give away browser upgrades for free, but you charge for OS installations, and you think that the browser is becoming more important than the OS, you have to merge the two together.

As time goes by, more and more applications become web-based. These days, consumers are more concerned about the version of their browser than the version of their operating system. When you try to hit your favorite web sites, check your web-based email, etc., it doesn't matter whether you're on Windows 98 or Windows XP: the browser version is what matters. They know they can't simply start charging for browsers, so the way to fix this issue is to only do new browsers with new operating systems, and blur the line between the browser version and the OS version.

Bottom line, Microsoft wants to get consumers more interested in OS versions again. If consumers see a web site that says, "Sorry, you need Windows 2005 to view this site," then they have a much higher chance of opening their pocketbooks than if the web site says, "Sorry, you need IE8 to view this site."

Sounds to me like your trying to piss them off, especially when you charge $300 for the operating system... I think they are shooting themselves in the foot with this one. I mean is it easier to upgrade the OS or try to find a free alternative that supports the added features...

oh say like MOZILLA...

I have faith that the mozilla project coders will be able to implement any 'special' features microsoft adds to their browser. Especially if its based on open web standards like XML, CSS, HTML...

It is completely laughable and sad that Microsoft was found to be an illegal monopoly for this very reason, and now they are integrating IE and Windows even further. The government really showed Microsoft!

No matter what your opinion is about the anti-trust trial or anti-trust laws in general, this is a clear display of how the Bush administration favors big business and selectively enforces laws in the favor of big business. The DOJ forced a "slap in the wrist" settlement against MS, and now MS and co. don't fear doing again what they were found guilty of doing before.

At the rate things are going, it may be ahead of the curve for them to be planning for a Microsoft Planet just yet.

More and more people are not buying the upgrades for either Hardware or Software, because what they have is just good enough. This is driving manufacturers wacko. For word processing and basic home stuff, a few hundred megs of CPU speed is good enough. There is no compelling need. A lot of people are not doing the routine upgrade, and are getting off the treadmill.

How many minutes has it been since Microsoft spent 3/4ths of a billion dollars putting that Netscape stuff to rest? It was a strange set of arguments they had, simultaneously attempting to prove that IE was "an inextricable part of the OS" and yet entirely optional with no unfair advantage over any other browser option the user might attempt to use.

Now that that case is put to rest it's about time they made sure that the next generation of DRM technology can't be run under WINE or on the MAC. The best approach I can imagine for this is to have is use an entirely proprietary API for IE and to update it with WindowsUpdate. It's not hard to imagine the newbie surfing along who gets this webpage.

Our web servers have observed that your computer needs several security updates available for free from Microsoft [here]. For the safety of our customers we cannot allow you to continue surfing our site until these updates are in place. We apologize for any inconvenience.

At that point the user is using the latest IE with DRM enabled with no idea how many or few sites need it. All your content can then be DRM protected by default with FrontPage, and the user's take is that everything "just works" when they use IE, and has intermittant and annoying problems with every other browswer. This strategy is getting old.

As a web designer, this worries me. How am I supposed to test my sites from here on out? Before it was as easy as loading up said site into IE 6 or IE 5 or what have you and seeing if the layout was as it should be. What now?

Not that I need a version number, but I would like to know how they're going to dole out any updates to Javascript, CSS, and the like. I sure hope it doesn't become small updates like "CSS Update 12-2-04". The goood thing about browsers up until this point, new features were released all at once in slow updgrade cycles, which meant you were testing at a stationary, not a moving, target. I'm curious to know how this will be handled from now on.

And yes, yes I know, "code to standards", which is the way it *should* be, but in practice, there's the reality that not all browsers output the way you need them to (especially IE).

And yes, yes I know, "code to standards", which is the way it *should* be...

I think Microsoft should be given a good dose of their own medicine. Code to XPFE [mozdev.org]. Write remotely distributed web applications [oreillynet.com] using XUL and friends [xulplanet.com]. Link to your application from a plain vanilla web site that contains an "only works w/ Mozilla" icon that points to the Mozilla site [mozilla.org].

Of course there's a big difference between coding Mozilla specific applications and coding MS/IE only applications. Mozilla is an open-source project built on open standards. MS could, if they so choose, implement any of Mozilla's features they like. The converse is not true.

If enough people get Mozilla on their desktop, and enough people start writing good XFPE applications, this could put a serious dent in MS's plans for world domination. Among other things, Mozilla doesn't require Windows. If you write a Mozilla application, you're doing cross-platform development. If the Oracles, IBM's, SAP's, ERP vendors and the like don't see the value of this, they are missing a golden opportunity.

Take the on-line banking example people seem to be so fond of today. You could build an extraordinarily rich on-line banking application on top of Mozilla today, than virtually anyone using any operating system could access. They would have to download Mozilla, which is free. Contrast that w/ writing to IE. Perhaps MS will someday offer an intriguing feature, but if you want your clients to enjoy the experience they will need to run the latest version of MS Windows. Unless they have a recent PC, it will cost them money to use your site. That's assuming they have a PC, and have reserved room on their hard drive to install an MS OS.

And then there's AOL. After years of investing in Mozilla, at a time when their labors are bearing fruition, they ink an ignominious deal with their biggest enemy. The board of directors should take the people responsible for this to the woodshed, spank them soundly, and send them packing. How could management be so ignorant of the value of their own assets? They could do things on AOL using XPFE [mozilla.org] that would make the MSN droids drool. What dopes. On top of that, how much further development do you think a billion dollar settlement would have funded?

A: Although this is off topic, I will answer briefly: Legacy OSes have reached their zenith with the addition of IE 6 SP1. Further improvements to IE will require enhancements to the underlying OS.

What, exactly, about web browsing could require 'enhancements to the underlying OS'? The only answer I can think of is DRM/Palladdium, but of course Microsoft does not want to say that. They want these "improvements" to sound like "features" that people would actually want. Perhaps they will play on peoples' fears of online banking and ordering?

I have to admit that I'm a bit confused by this. First of all, it's a two-sentence statement in a chat room, so there is very little information to go on.

My question is, does this mean that end users will have to upgrade their OS to receive a new browser version? If this is the case, that's a huge blow to web developers. There are still a lot of things that IE6 supports poorly or not at all: transparent PNGs, CSS2, etc. I'm not seeing any indication that Microsoft is concerned about the continuing development of their browser AT ALL.

IE6 has really stagnated, and since Microsoft and AOL settled, I firmly believe that AOL will stop paying developers to work on Mozilla/Netscape. If both IE and Mozilla stagnate, the people who lose are developers whose platform is a web browser. I'm concerned that the stagnation of both browsers may stifle the innovation of developers who wish to deploy applications to standards-compliant web browsers instead of to a specific platform. (This means that those of you who don't use Windows should be VERY concerned, because if web browsers stagnate now, developers will continue to develop for a single platform instead of to a standards-compliant web browser platform. Microsoft doesn't seem to be interested in extending IE's functionality -- instead, the company seems to be pushing developers to make IE plugins, which creates lock-in.)

The Web has only been around for 10 years, and has only really taken off in the last 6. I don't think browser innovation is at its "zenith", and I certainly don't believe that DRM is the only thing left to add to browsers. It concerns me that Microsoft (or at least that Microsoft spokesperson) seems to think this is the case.

It sounds like they're not doing true transparent PNG support and there's no mention of them fixing the longstanding HTML and CSS bugs.

Those of us who make websites for a living don't care what it's tied to as long as Microsoft can follow standards. If the browser is truly XHTML/CSS/Javascript compliant I don't care if it requires a blood sample to boot, it means that I won't have to do any browser detection or special cases to deliver a site to my clients, saving them money and me some grey hairs.

How about a new version of IE for OS X, eh? We've been stuck with this one for 2 years.

You are right in a general sense, but the beauty of the capitalist system is that every market niche will be filled.

If there is enough people that wants or do not want something it will be provided.

Case in point, Internet Banking. There is not much value Added that a Bank can do. Remember Gates' much maligned comment a few years ago (pre interenet if I remember) that banking will be reduces to a few lines of code. He was close to being right, except Banks didn't want that and rebelled.

Think of all of the friends and family that you know that bought a computer during the interet craze. Most of those had Windows 98 on them. Now think of how many of them ever bothered to upgrade their browsers. Many websites that deal with secure communications to non tech savvy people have to deal with this. At least now they can say "Oh, you need IE 5.5 or greater" and link them to a download site. Now they are going to back you into a corner and say "You need Windows 2008 or greater" or they are just going to stop developing past IE6. Either way, it is a strange move on MS's behalf. They must be underestimating Netscape / Moz's abilities. I wonder some times why there are sites complain that you need IE6 to view them, yet they work fine in Mozilla if you hack the response to mimic IE6. Lazy people I guess.

I've seen the inevitable 'online banking' scenario thrown up here a few times. What's going to happen is this...

At some point, bank X will say "we're now going to require IE8 to secure online banking".

People will complain and say "hey, but I only have WinXP, and I can't get Win2006" (or whatever it becomes).

Microsot will have contacted banks and negotiated a way for banks to giveaway (or sell) copies of the latest Windows version, locking in users who may have considered switching at that point.

Bank replies with (or promotes in branches)"Hey - to give you the ultimate in security, we're going to require Windows 2006 - the best in security. If you don't have a copy, we can sell you an copy for only $29.95, which can be applied to your checking account over a 3 month period - that's less than $10 month for modern security!" or something like that.

People will just use it because it's going to be pushed by most major banks. MS is the only company that can afford to do this (buy mindshare from large companies) and they're about the only company can can't afford NOT to do it as well.

Perhaps banking with MS software will be 'free' and using something else (linux/mac) will cost a 'security fee' because you're using something that can't be 'trusted'. There are teller fees, why not 'browser fees' for 'untrusted' browsers?

Microsoft may have already bought a bank (or started their own) in the next few years anyway. Banking fees are certainly a stream of steady income. If WalMart can sell used cars (probably real estate at some point too!) does MS banking sound all that far-fetched? Perhaps everyone writing M$ will give the idea even more credibility!:)

Is that what I have? So "standalone installation" is Microsoft code for "Well, we'll let you delete it (it goes in the recycle bin and all) but it instantly comes back"?

If WinXP wants to protect its help system, that's fine. But the IE frontend shouldn't have anything to do with that. And even so, there's no excuse for Outlook being undeletable. It doesn't show up in the Add/Remove applications window, even under "Windows components"

Host: Rob (Microsoft)
Q: when will IE get transparent PNG support?
A: Ian, I'm sorry, I can't answer that question for you

With this:

Host: Brian (Microsoft)
Q: Why is this? the anti-trust? (no further standalone)
A: Although this is off topic, I will answer briefly: Legacy OSes have reached their zenith with the addition of IE 6 SP1. Further improvements to IE will require enhancements to the underlying OS

It would seem that MS has painted itself into a corner with the feature set of IE. They seem to rely on the OS for so many things the browser does (like alpha blending, or the lack thereof). I wonder if the OS development team has oversight of the IE development team. There really isn't much reason that the IE team wouldn't be able to build a feature like alpha blending independant of the OS (lots of apps like Photoshop do this), unless they have been told not to deviate from the OS feature roadmap. Why else wouldn't the IE Program Manager be able to answer a question about PNG support? Sometimes it seems like the IE team is really just a department of the OS team, which is something that MS could not legally admit from what I understand.

Time Magazine Interview with Tim Berners Lee [time.com], unfortunately, a preview to a for-pay full article. If anyone knows where the full article is, for free, let me know.In any event, in this article, TBL - creator of the web - discusses what his greatest fear for it would be. In other words, what would harm the web most?His answer: A "split" internet. Browser A is best used for this site, browser B is best for this one. DRM, thus, is technology that will do - as most of us are no doubt aware - more harm than good. It DESTROYS the ubiquitous nature of how one SHOULD be allowed to access online content. Time, ironically, has designed their site to be used with Browsers X and Y (Netscape and IE).

" I think the truth is just that Microsoft intends to integrate DRM very tightly with their OS and browser, and they're aren't going to try to backport that to, say, Win98, so they just aren't going to release new versions of their browser for old, DRM-less operating systems."

No, it means that the new features will be implemented the same way Windows Update does it for integrated aspects of the OS now: it will be downloaded and installed onto the system. What this means is that you will not be able to JUST get IE, but instead only get it through Windows.

I think such a strategy might ultimately be bad for MS, particularly as the Web is becoming more and more standards-based. It would essentially be the opposite of the strategy that caused a gradual migration to IE from Navigator: "You need Windows 2005 or Mozilla 1.6 to view this page." If one is free, it's not a tough choice.

I've always said it, and I always will, the community's incessant bitching about how insecure microsoft is has led to attrocities in design.

If security was designed in from the start, the design should be elegant and transparent to the end user.

Example: Windows file protection - to avoid DLL Hell. DLL Hell was pure and simple bad user habits (running in Administrator mode etc etc). So they made a system that completely bypasses security, and disallows everyone on your system from changing files... even administrators. It's a travesty, that's what it is.

That actually was a response by MS to programmers who felt like using a specific API in a specific DLL, of felt they could just over-run Microsoft's designs willy-nilly. Remember, the most pervasive Windows out there is still the 9x series, not NT and it's modern kin. Most users are root whether they like it or not.

Well, here we see another travesty: because of simple HTML script exploits, which under normal circumstances (ie, if you weren't running as admin) would have very little consequences, Moft has come up with another travesty, has introduced 'state' into what should be stateless... And as a result, I just can feel the hours and hours of headache that is now set upon us programmers, for the rest of time.

Two issues:

1 - Once a machine is compromised as any user, there are other ways to elevate privileges. IOW, runnig as admin usually has little or no effect to a serious cracker.

2 - If the security mechanisms are properly designed, you won't be spending "hours and hours" dealing with security. If you are, Microsoft will have done a piss-poor job (again)

I can clearly recall posts on slashdot, (but to be fair:/. isn't the only guilty body, every bitchy tech writer of the times is), saying how IE had too many priviledges.

What is supposed to be and end user application is an integral part of the OS. Sounds like a recipie for exploits to me. Unless of course they implement stringent secutiry mechanisms.

All I have to say is BULLSHIT... IE has as many priviledges as the user running it - and as such, just as many, not any more than Mozilla running at the same user level.

But Moz isn't part of the OS. BTW, IIRC, IE (specifically MSHTML) is loaded into memory before a user logs on. That means that that part of the browser requires system level priveleges. Mozilla's "turbo" mode (whatever it's called) requires you to log in first. See a diffrence?

Now, because of that bitching, we have a 'lowered priviledge set'... something which isn't based on users... it's a whole policy scheme... It's introducing complexity where there is no need for any... Yadi yada... *Sigh*...

Security is never easy, but it need not be complex. The one thing MS usually does well is make life easy on thier drone^H^H^H^H^Hdevelopers (right, Mr. Ballmer?), so you may have an easier time that you think. Unless you're so used to security as an after thought, that it does become a pain. IMHO, that puts you squarely in the "Part of the problem" camp.

Boo on everyone.

No, shame on you for not wanting to have to do any work at all in order to have secure code.

Bottom line, if this ultimately makes the Internet a more secure place to do business, then I'm all for it. Digital signatures would be very cool once they are implemented on a global scale. No more paper filing, the trees would be happier:), and best of all, if this is implemented well, that bond of trust between businesses and consumers can be strengthened.

Bond of trust? What fairytale world are you living in? Is copyprotection a bond of trust? How come there are all these shitty CD's being released that won't play on computers? Is that the bond of trust you are talking about? How about the news that moviegoers are going to be metal-detected when going to see Finding Nemo? Is that trust?

Try doing transparency with png's in IE. They sort of support png but transparency was clearly too much for the IE programmers. That's why everybody still uses transparent gifs (which are much less attractive due to the lack of alpha channel support) and ugly css hacks (which due to faulty implementations is not easy either). Png's work beautifully in mozilla though.

If only MS could be bothered to fully implement web standards, it would be much easier to create nice looking sites.